Security Vulnerabilities - CVEs Published In October 2023
In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
3.3
EPSS Score
0.0
Published
2023-10-27
In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
3.3
EPSS Score
0.0
Published
2023-10-27
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
3.3
EPSS Score
0.0
Published
2023-10-27
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-10-27
In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-10-27
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-27
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.3 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-10-27
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-10-27
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-10-27
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-27